
Upgrade pan-domain-node to 1.2.0 #370

Merged
waisingyiu merged 1 commit into main from wsy/bump-pan-domain-node
Jul 28, 2025

Conversation

@waisingyiu
Contributor

@waisingyiu waisingyiu commented Jul 24, 2025

What does this change?

This pull request is part of the work to address the FSBP high severity issue about the bucket pan-domain-auth-settings not blocking public access. We observed that some S3 objects (specifically, the public key files) in this bucket were accessed via direct HTTP URL without any credential using pan-domain-node library.

We changed the pan-domain-node library (guardian/pan-domain-node#47) to get the public key files with AWS SDK that requires AWS credentials in the execution environment. This change was published to the NPM repository as version 1.1.0.

This pull request bumps the pan-domain-node dependency to version 1.2.0 (the latest version that includes the change described above) so that it reads the public key files by AWS SDK rather than unauthenticated direct HTTP request.

How to test

We can see a "pinboard pre-selection" page when we hit the endpoint "https://pinboard.local.dev-gutools.co.uk/" while running it locally.

  • we can see on the network tab of a browser inspector tool that the requests to fetch "pinboard.loader.js" and "pinboard.main..js" return success with the scripts.

Deployed it to CODE and opened the Composer CODE.

  • we can see the pinboard yellow button at the bottom right corner.
  • it pops up the pinboard window when hitting the pinboard button.
  • the inspector tool shows that the requests to fetch "pinboard.loader.js" and "pinboard.main..js" return success with the scripts.

How can we measure success?

Make progress towards enabling "block all public access" on the S3 bucket "pan-domain-auth-settings".

Have we considered potential risks?

Should be minimal because the same bucket is shared between CODE and PROD. If the application can access the public key file on CODE, it should be able to do it on PROD.
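As an added illustration of the success metric above (this is not code from this PR, from pinboard, or from pan-domain-node), a small offline Python check that takes a bucket's PublicAccessBlockConfiguration and bucket policy and reports anything that still leaves objects readable without credentials. The sample configuration and policy are constructed; in practice the inputs come from `aws s3api get-public-access-block` and `aws s3api get-bucket-policy`.

```python
"""Offline check of an S3 bucket's "block all public access" state."""
import json

# The four settings that together make up "Block all public access".
PUBLIC_ACCESS_BLOCK_KEYS = (
    "BlockPublicAcls",
    "IgnorePublicAcls",
    "BlockPublicPolicy",
    "RestrictPublicBuckets",
)


def missing_public_access_blocks(config: dict) -> list[str]:
    """Return the settings that are absent or false in a PublicAccessBlockConfiguration."""
    return [k for k in PUBLIC_ACCESS_BLOCK_KEYS if not config.get(k, False)]


def _principal_is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"}, i.e. a grant to unauthenticated callers."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_get_statements(policy: dict) -> list[str]:
    """Return the Sids of Allow statements granting object reads to anonymous principals.

    Statements carrying a Condition are still reported (conservative): a condition
    narrows who may read, but the grant is still to an unauthenticated principal.
    """
    found = []
    for stmt in policy.get("Statement", []):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        read_action = any(a in ("s3:GetObject", "s3:*", "*") for a in actions)
        if stmt.get("Effect") == "Allow" and read_action \
                and _principal_is_anonymous(stmt.get("Principal")):
            found.append(stmt.get("Sid", "<no Sid>"))
    return found


# Constructed sample: a bucket whose policy still allows anonymous reads of its objects.
SAMPLE_CONFIG = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                 "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicReadKeys", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject",
                 "Resource": "arn:aws:s3:::pan-domain-auth-settings/*"}]
}""")
```

Once every consumer reads the key files through the SDK with its own credentials, the policy statement this flags can be removed and the two missing settings turned on.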

@waisingyiu waisingyiu marked this pull request as ready for review July 24, 2025 14:11
@waisingyiu waisingyiu requested review from a team and twrichards as code owners July 24, 2025 14:11
@waisingyiu waisingyiu merged commit 5019ed3 into main Jul 28, 2025
4 checks passed
@waisingyiu waisingyiu deleted the wsy/bump-pan-domain-node branch July 28, 2025 08:34
@prout-bot

Seen on PROD (merged by @waisingyiu 3 minutes and 17 seconds ago) Please check your changes!



Development

Successfully merging this pull request may close these issues.

Bump pan-domain-node in pinboard to load public settings using AWS SDK

3 participants